Compatibility, excessive, and coexistence of IPv6 network protocols

Source: Internet
Author: User

Here we will introduce the IPv6 network protocol. This protocol is an upgraded version of IPv4. However, at present, the Internet is in an excessive phase of Two-Protocol handover, which leads to an important problem-security. In this unstable situation, security vulnerabilities may easily occur. How can we prevent them?

First, let's take a look at some basic knowledge about IPv6 network protocols. You may know what are the main factors driving IPv6 application, and our IP address space will be used up! Currently, the IPv4 32-bit address scheme can only accommodate 4.3 billion unique addresses. Although this number sounds great, we have 6.4 billion million people on our planet. Each person cannot own an IP address. However, some people still need more than one IP address, such as the IP address between the work location and the home, the mobile phone with the IP function, and other network devices. The explosive growth of technologies in emerging markets, especially in the Asia Pacific region, requires a new IP address space. IPv6 uses the 128-bit addressing technology to solve this problem. The number of IP addresses allowed by the IPv6 network protocol is 3.4x10 to the power of 38. This takes a long time for us to use up a large number of IP addresses.

Although IPv6 is a secure protocol, the transition from IPv4 to IPv6 poses new risks and weakens the security policy of the Organization. Learn about potential hazards and how to make a smooth transition with security. If you have not considered the impact of IPv6 on your network security, it is time to consider it! This IPv6 alternative to the vulnerability IPv4 protocol is currently being applied on the Internet, and even if you do not know it, it already exists in your network.

Now let's take a look at the five problems that affect our network:

1. Security personnel need education and training on IPv6 protocols.IPv6 will enter your network under your control, which is just a matter of time. Like many new network technologies, it is very important to learn basic IPv6 knowledge, especially addressing solutions and Protocols, to adapt to event processing and related activities.

2. security tools need to be upgraded.IPv6 is not backward compatible. The hardware and software used for communication routing and security analysis of the entire network must be upgraded to support the IPv6 protocol. Otherwise, these hardware and software do not support the IPv6 network protocol. Remember this when using boundaries to protect devices. To be compatible with IPv6. routers, firewalls, and intrusion detection systems all require software or hardware upgrades.

3. Additional settings are required for existing devices.Devices that support IPv6 regard it as a completely independent protocol. Therefore, the access control list, rule repository, and other configuration parameters must be re-evaluated and converted to an environment that supports IPv6. Contact the relevant manufacturer for detailed instructions.

4. New risks arising from tunneling protocols.Network and security groups have spent a lot of time and effort to ensure that IPv6 is a secure protocol. However, one of the biggest risks of such conversions is the use of tunnel protocols to support translation to IPv6. These protocols allow IPv6 communication to be isolated when IPv4 data streams pass through incompatible devices. Therefore, your network users can use these tunneling protocols to run IPv6. If this is a worrying problem, block the IPv6 tunnel protocol within your border.

5. Automatic IPv6 settings can cause addressing complexity.Another interesting feature of IPv6 is automatic configuration. The automatic setting function allows the system to automatically obtain a network address without administrator intervention. IPv6 supports two different automatic configuration technologies. The automatic setting of monitoring status uses DHCPv6, which is a simple upgrade to the current DHCP protocol. It is not very different from the security perspective. In addition, pay attention to the automatic setting function of the non-monitoring status. This technology allows the system to generate its own IP address and check the address repeatability. From the perspective of system management, this kind of non-centralized method may be easier, but for tracking the use or misuse of network resources !) For network administrators, this approach poses a great challenge.

As you said, IPv6 is revolutionary. IPv6 allows us to prepare for ubiquitous access over the next decade. However, like other technical innovations, we need to pay attention to IPv6.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.